
Abstract:

A mobile communication method according to the present invention
includes: a step in which a mobile management node MME generates a key
Kx using a key KASME1 and a key KASME2, the key Kx
being used in security of the data signal transmitted and received
through a Ud interface, the key KASME1 being managed only by the
mobile management node MME and a mobile station UE#1, the key KASME2
being managed only by the mobile management node MME and a mobile station
UE#2; a step in which the mobile management node MME transmits the key
Kx to the mobile station UE#1 and the mobile station UE#2; and a
step in which the mobile station UE#1 and the mobile station UE#2
transmit and receive the data signal through the Ud interface using the
key Kx.

Claims:

1. A mobile communication method in which a first mobile station and a
second mobile station transmit and receive a data signal through an
inter-mobile station interface without a radio base station interface,
the inter-mobile station interface being set between the first mobile
station and the second mobile station, the radio base station interface
being set between a radio base station and the first mobile station and
the second mobile station, the mobile communication method comprising: a
step in which a mobile management node generates an inter-mobile station
communication key using a first access security management key and a
second access security management key, the inter-mobile station
communication key being used in security of the data signal transmitted
and received through the inter-mobile station interface, the first access
security management key being managed only by the mobile management node
and the first mobile station, the second access security management key
being managed only by the mobile management node and the second mobile
station; a step in which the mobile management node transmits the
inter-mobile station communication key to the first mobile station and
the second mobile station; and a step in which the first mobile station
and the second mobile station transmit and receive the data signal
through the inter-mobile station interface using the inter-mobile station
communication key.

2. A mobile management node used in a mobile communication system, the
mobile communication system being configured such that a first mobile
station and a second mobile station can transmit and receive a data
signal through an inter-mobile station interface without a radio base
station interface, the inter-mobile station interface being set between
the first mobile station and the second mobile station, the radio base
station interface being set between a radio base station and the first
mobile station and the second mobile station, the mobile management node
comprising: a generator that is configured to generate an inter-mobile
station communication key using a first access security management key
and a second access security management key, the inter-mobile station
communication key being used in security of the data signal transmitted
and received through the inter-mobile station interface, the first access
security management key being managed only by the mobile management node
and the first mobile station, the second access security management key
being managed only by the mobile management node and the second mobile
station; and a transmission unit that is configured to transmit the
inter-mobile station communication key to the first mobile station and
the second mobile station.

3. A mobile communication method in which a first mobile station and a
second mobile station transmit and receive a data signal through an
inter-mobile station interface without a radio base station interface,
the inter-mobile station interface being set between the first mobile
station and the second mobile station, the radio base station interface
being set between a radio base station and the first mobile station and
the second mobile station, the mobile communication method comprising: a
step in which the radio base station generates an inter-mobile station
communication key using a first radio base station key and a second radio
base station key, the inter-mobile station communication key being used
in security of the data signal transmitted and received through the
inter-mobile station interface, the first radio base station key being
managed only by the radio base station and the first mobile station, the
second radio base station key being managed only by the radio base
station and the second mobile station; a step in which the radio base
station transmits the inter-mobile station communication key to the first
mobile station and the second mobile station; and a step in which the
first mobile station and the second mobile station transmit and receive
the data signal through the inter-mobile station interface using the
inter-mobile station communication key.

4. A radio base station used in a mobile communication system, the mobile
communication system being configured such that a first mobile station
and a second mobile station can transmit and receive a data signal
through an inter-mobile station interface without a radio base station
interface, the inter-mobile station interface being set between the first
mobile station and the second mobile station, the radio base station
interface being set between the radio base station and the first mobile
station and the second mobile station, the radio base station comprising:
a generator that is configured to generate an inter-mobile station
communication key using a first radio base station key and a second radio
base station key, the inter-mobile station communication key being used
in security of the data signal transmitted and received through the
inter-mobile station interface, the first radio base station key being
managed only by the radio base station and the first mobile station, the
second radio base station key being managed only by the radio base
station and the second mobile station; and a transmission unit that is
configured to transmit the inter-mobile station communication key to the
first mobile station and the second mobile station.

5. A mobile communication method in which a first mobile station and a
second mobile station transmit and receive a data signal through an
inter-mobile station interface without a radio base station interface,
the inter-mobile station interface being set between the first mobile
station and the second mobile station, the radio base station interface
being set between a radio base station and the first mobile station and
the second mobile station, the mobile communication method comprising: a
step in which a mobile management node generates a first parameter and a
second parameter to generate an inter-mobile station communication key
using a first access security management key and a second access security
management key, the inter-mobile station communication key being used in
security of the data signal transmitted and received through the
inter-mobile station interface, the first access security management key
being managed only by the mobile management node and the first mobile
station, the second access security management key being managed only by
the mobile management node and the second mobile station; a step in which
the mobile management node transmits the first parameter to the first
mobile station and transmits the second parameter to the second mobile
station; a step in which the first mobile station generates the
inter-mobile station communication key using the first parameter; a step
in which the second mobile station generates the inter-mobile station
communication key using the second parameter; and a step in which the
first mobile station and the second mobile station transmit and receive
the data signal through the inter-mobile station interface using the
inter-mobile station communication key.

6. A mobile management node used in a mobile communication system, the
mobile communication system being configured such that a first mobile
station and a second mobile station can transmit and receive a data
signal through an inter-mobile station interface without a radio base
station interface, the inter-mobile station interface being set between
the first mobile station and the second mobile station, the radio base
station interface being set between a radio base station and the first
mobile station and the second mobile station, the mobile management node
comprising: a generator that is configured to generate a first parameter
and a second parameter to generate an inter-mobile station communication
key using a first access security management key and a second access
security management key, the inter-mobile station communication key being
used in security of the data signal transmitted and received through the
inter-mobile station interface, the first access security management key
being managed only by the mobile management node and the first mobile
station, the second access security management key being managed only by
the mobile management node and the second mobile station; and a
transmission unit that is configured to transmit the first parameter to
the first mobile station and to transmit the second parameter to the
second mobile station.

7. A mobile communication method in which a first mobile station and a
second mobile station transmit and receive a data signal through an
inter-mobile station interface without a radio base station interface,
the inter-mobile station interface being set between the first mobile
station and the second mobile station, the radio base station interface
being set between a radio base station and the first mobile station and
the second mobile station, the mobile communication method comprising: a
step in which the radio base station generates a first parameter and a
second parameter to generate an inter-mobile station communication key
using a first radio base station key and a second radio base station key,
the inter-mobile station communication key being used in security of the
data signal transmitted and received through the inter-mobile station
interface, the first radio base station key being managed only by the
radio base station and the first mobile station, the second radio base
station key being managed only by the radio base station and the second
mobile station; a step in which the radio base station transmits the
first parameter to the first mobile station and transmits the second
parameter to the second mobile station; a step in which the first mobile
station generates the inter-mobile station communication key using the
first parameter; a step in which the second mobile station generates the
inter-mobile station communication key using the second parameter; and a
step in which the first mobile station and the second mobile station
transmit and receive the data signal through the inter-mobile station
interface using the inter-mobile station communication key.

8. A radio base station used in a mobile communication system, the mobile
communication system being configured such that a first mobile station
and a second mobile station can transmit and receive a data signal
through an inter-mobile station interface without a radio base station
interface, the inter-mobile station interface being set between the first
mobile station and the second mobile station, the radio base station
interface being set between the radio base station and the first mobile
station and the second mobile station, the radio base station comprising:
a generator that is configured to generate a first parameter and a second
parameter to generate an inter-mobile station communication key using a
first radio base station key and a second radio base station key, the
inter-mobile station communication key being used in security of the data
signal transmitted and received through the inter-mobile station
interface, the first radio base station key being managed only by the
radio base station and the first mobile station, the second radio base
station key being managed only by the radio base station and the second
mobile station; and a transmission unit that is configured to transmit
the first parameter to the first mobile station and to transmit the
second parameter to the second mobile station.

9-10. (canceled)

Description:

TECHNICAL FIELD

[0001] The present invention relates to a mobile communication method, a
mobile management node and a radio base station.

BACKGROUND ART

[0002] In cellular mobile communication systems such as a W-CDMA
(Wideband-Code Division Multiple Access) system and an LTE (Long Term
Evolution) system, plural mobile stations UE are configured to conduct
communication with each other through a radio access network device, or a
core network device or the like.

CITATION LIST

Non-Patent Literature

[0003] Non-Patent Literature 1: 3GPP TS36.300

[0004] Non-Patent Literature 2: 3GPP TS33.401

[0005] However, in the conventional cellular mobile communication system,
even if the plural mobile stations UE are located in an identical cell
(or a cell under a domination of the radio access network device),
unfortunately a process load on the radio access network device increases
because both a data signal and a control signal are configured to
be transmitted and received through the radio access network device.

[0006] In order to solve the problem, it is conceivable that the plural
mobile stations transmit and receive the data signal through an
inter-mobile station interface (hereinafter referred to as a Ud
interface) without a Uu interface that is set between the mobile stations
and the radio base station.

[0007] However, in such cases, unfortunately an inter-mobile station
communication key used in security (concealment or falsification
detection) of the data signal transmitted and received through the Ud
interface cannot be generated using a mechanism of the existing mobile
communication system.

[0008] The present invention has been devised to solve the problems
described above, and an object thereof is to provide a mobile
communication method, a mobile management node, and a radio base station,
for being able to generate the inter-mobile station communication key,
which is used in the security (the concealment or the falsification
detection) of the data signal transmitted and received through the Ud
interface, using the mechanism of the existing mobile communication
system.

SUMMARY OF THE INVENTION

[0009] In accordance with a first feature of the present invention, a
mobile communication method in which a first mobile station and a second
mobile station transmit and receive a data signal through an inter-mobile
station interface without a radio base station interface, the
inter-mobile station interface being set between the first mobile station
and the second mobile station, the radio base station interface being set
between a radio base station and the first mobile station and the second
mobile station, includes: a step in which a mobile management node
generates an inter-mobile station communication key using a first access
security management key and a second access security management key, the
inter-mobile station communication key being used in security of the data
signal transmitted and received through the inter-mobile station
interface, the first access security management key being managed only by
the mobile management node and the first mobile station, the second
access security management key being managed only by the mobile
management node and the second mobile station; a step in which the mobile
management node transmits the inter-mobile station communication key to
the first mobile station and the second mobile station; and a step in
which the first mobile station and the second mobile station transmit and
receive the data signal through the inter-mobile station interface using
the inter-mobile station communication key.

[0010] In accordance with a second feature of the present invention, a
mobile management node used in a mobile communication system, the mobile
communication system being configured such that a first mobile station
and a second mobile station can transmit and receive a data signal
through an inter-mobile station interface without a radio base station
interface, the inter-mobile station interface being set between the first
mobile station and the second mobile station, the radio base station
interface being set between a radio base station and the first mobile
station and the second mobile station, includes: a generator that is
configured to generate an inter-mobile station communication key using a
first access security management key and a second access security
management key, the inter-mobile station communication key being used in
security of the data signal transmitted and received through the
inter-mobile station interface, the first access security management key
being managed only by the mobile management node and the first mobile
station, the second access security management key being managed only by
the mobile management node and the second mobile station; and a
transmission unit that is configured to transmit the inter-mobile station
communication key to the first mobile station and the second mobile
station.

[0011] In accordance with a third feature of the present invention, a
mobile communication method in which a first mobile station and a second
mobile station transmit and receive a data signal through an inter-mobile
station interface without a radio base station interface, the
inter-mobile station interface being set between the first mobile station
and the second mobile station, the radio base station interface being set
between a radio base station and the first mobile station and the second
mobile station, includes: a step in which the radio base station
generates an inter-mobile station communication key using a first radio
base station key and a second radio base station key, the inter-mobile
station communication key being used in security of the data signal
transmitted and received through the inter-mobile station interface, the
first radio base station key being managed only by the radio base station
and the first mobile station, the second radio base station key being
managed only by the radio base station and the second mobile station; a
step in which the radio base station transmits the inter-mobile station
communication key to the first mobile station and the second mobile
station; and a step in which the first mobile station and the second
mobile station transmit and receive the data signal through the
inter-mobile station interface using the inter-mobile station
communication key.

[0012] In accordance with a fourth feature of the present invention, a
radio base station used in a mobile communication system, the mobile
communication system being configured such that a first mobile station
and a second mobile station can transmit and receive a data signal
through an inter-mobile station interface without a radio base station
interface, the inter-mobile station interface being set between the first
mobile station and the second mobile station, the radio base station
interface being set between the radio base station and the first mobile
station and the second mobile station, includes: a generator that is
configured to generate an inter-mobile station communication key using a
first radio base station key and a second radio base station key, the
inter-mobile station communication key being used in security of the data
signal transmitted and received through the inter-mobile station
interface, the first radio base station key being managed only by the
radio base station and the first mobile station, the second radio base
station key being managed only by the radio base station and the second
mobile station; and a transmission unit that is configured to transmit
the inter-mobile station communication key to the first mobile station
and the second mobile station.

[0013] In accordance with a fifth feature of the present invention, a
mobile communication method in which a first mobile station and a second
mobile station transmit and receive a data signal through an inter-mobile
station interface without a radio base station interface, the
inter-mobile station interface being set between the first mobile station
and the second mobile station, the radio base station interface being set
between a radio base station and the first mobile station and the second
mobile station, the mobile communications method includes: a step in
which a mobile management node generates a first parameter and a second
parameter to generate an inter-mobile station communication key using a
first access security management key and a second access security
management key, the inter-mobile station communication key being used in
security of the data signal transmitted and received through the
inter-mobile station interface, the first access security management key
being managed only by the mobile management node and the first mobile
station, the second access security management key being managed only by
the mobile management node and the second mobile station; a step in which
the mobile management node transmits the first parameter to the first
mobile station and transmits the second parameter to the second mobile
station; a step in which the first mobile station generates the
inter-mobile station communication key using the first parameter; a step
in which the second mobile station generates the inter-mobile station
communication key using the second parameter; and a step in which the
first mobile station and the second mobile station transmit and receive
the data signal through the inter-mobile station interface using the
inter-mobile station communication key.

[0014] In accordance with a sixth feature of the present invention, a
mobile management node used in a mobile communication system, the mobile
communication system being configured such that a first mobile station
and a second mobile station can transmit and receive a data signal
through an inter-mobile station interface without a radio base station
interface, the inter-mobile station interface being set between the first
mobile station and the second mobile station, the radio base station
interface being set between a radio base station and the first mobile
station and the second mobile station, includes: a generator that is
configured to generate a first parameter and a second parameter to
generate an inter-mobile station communication key using a first access
security management key and a second access security management key, the
inter-mobile station communication key being used in security of the data
signal transmitted and received through the inter-mobile station
interface, the first access security management key being managed only by
the mobile management node and the first mobile station, the second
access security management key being managed only by the mobile
management node and the second mobile station; and a transmission unit
that is configured to transmit the first parameter to the first mobile
station and to transmit the second parameter to the second mobile
station.

[0015] In accordance with a seventh feature of the present invention, a
mobile communication method in which a first mobile station and a second
mobile station transmit and receive a data signal through an inter-mobile
station interface without a radio base station interface, the
inter-mobile station interface being set between the first mobile station
and the second mobile station, the radio base station interface being set
between a radio base station and the first mobile station and the second
mobile station, includes: a step in which the radio base station
generates a first parameter and a second parameter to generate an
inter-mobile station communication key using a first radio base station
key and a second radio base station key, the inter-mobile station
communication key being used in security of the data signal transmitted
and received through the inter-mobile station interface, the first radio
base station key being managed only by the radio base station and the
first mobile station, the second radio base station key being managed
only by the radio base station and the second mobile station; a step in
which the radio base station transmits the first parameter to the first
mobile station and transmits the second parameter to the second mobile
station; a step in which the first mobile station generates the
inter-mobile station communication key using the first parameter; a step
in which the second mobile station generates the inter-mobile station
communication key using the second parameter; and a step in which the
first mobile station and the second mobile station transmit and receive
the data signal through the inter-mobile station interface using the
inter-mobile station communication key.

[0016] In accordance with an eighth feature of the present invention, a
radio base station used in a mobile communication system, the mobile
communication system being configured such that a first mobile station
and a second mobile station can transmit and receive a data signal
through an inter-mobile station interface without a radio base station
interface, the inter-mobile station interface being set between the first
mobile station and the second mobile station, the radio base station
interface being set between the radio base station and the first mobile
station and the second mobile station, includes: a generator that is
configured to generate a first parameter and a second parameter to
generate an inter-mobile station communication key using a first radio
base station key and a second radio base station key, the inter-mobile
station communication key being used in security of the data signal
transmitted and received through the inter-mobile station interface, the
first radio base station key being managed only by the radio base station
and the first mobile station, the second radio base station key being
managed only by the radio base station and the second mobile station; and
a transmission unit that is configured to transmit the first parameter to
the first mobile station and to transmit the second parameter to the
second mobile station.

[0017] In accordance with a ninth feature of the present invention, a
mobile station that acts as a first mobile station in a mobile
communication system, the mobile communication system being configured
such that the first mobile station and a second mobile station can
transmit and receive a data signal through an inter-mobile station
interface without a radio base station interface, the inter-mobile
station interface being set between the first mobile station and the
second mobile station, the radio base station interface being set between
a radio base station and the first mobile station and the second mobile
station, includes: a reception unit that is configured to acquire an
inter-mobile station communication key from the radio base station or a
mobile management node; and a communication unit that is configured to
transmit and receive the data signal to and from the second mobile
station through the inter-mobile station interface using the inter-mobile
station communication key.

[0018] In accordance with a tenth feature of the present invention, a
mobile station that acts as a first mobile station in a mobile
communication system, the mobile communication system being configured
such that the first mobile station and a second mobile station can
transmit and receive a data signal through an inter-mobile station
interface without a radio base station interface, the inter-mobile
station interface being set between the first mobile station and the
second mobile station, the radio base station interface being set between
a radio base station and the first mobile station and the second mobile
station, includes: a reception unit that is configured to acquire a first
parameter from the radio base station or a mobile management node; a
generator that is configured to generate an inter-mobile station
communication key using the first parameter; and a communication unit
that is configured to transmit and receive the data signal to and from
the second mobile station through the inter-mobile station interface
using the inter-mobile station communication key.

[0019] As described above, the present invention can provide a mobile
communication method, a mobile management node, and a radio base station,
for being able to generate an inter-mobile station communication key,
which is used in the security (the concealment or the falsification
detection) of a data signal transmitted and received through a Ud
interface, using a mechanism of the existing mobile communication system.

BRIEF DESCRIPTION OF DRAWINGS

[0020] FIG. 1 is an entire configuration diagram of a mobile communication
system according to a first embodiment of the present invention.

[0021] FIG. 2 is a functional block diagram of a mobile management node
and a radio base station according to the first embodiment of the present
invention.

[0022] FIG. 3 is a view illustrating a method for generating a key Kx
in the mobile communication system according to the first embodiment of
the present invention.

[0023] FIG. 4 is a view illustrating a method for generating the key
Kx in a mobile communication system according to a second embodiment
of the present invention.

[0024] FIG. 5 is a functional block diagram of a mobile station according
to the second embodiment of the present invention.

DESCRIPTION OF EMBODIMENTS

Mobile Communication System of First Embodiment of the Present Invention

[0025] A mobile communication system according to a first embodiment of
the present invention will be described with reference to FIGS. 1 to 3.

[0026] The mobile communication system of the embodiment is an LTE mobile
communication system, and includes a mobile management node MME (Mobility
Management Entity) and a radio base station eNB that is connected under a
domination of the mobile management node MME as illustrated in FIG. 1.
The present invention can also be applied to a cellular mobile
communication system other than the LTE mobile communication system.

[0027] The radio base station eNB and mobile stations UE#1/UE#2 are
configured to transmit and receive a data signal to and from each other
through a Uu interface, and the mobile station UE#1 and the mobile
station UE#2 are configured to transmit and receive the data signal to
and from each other through a Ud interface.

[0028] That is, the mobile station UE#1 can transmit and receive the data
signal to and from the mobile station UE#2 through the radio base station
eNB (through the Uu interface), and transmit and receive the data signal
to and from the mobile station UE#2 without the radio base station eNB
(through the Ud interface).

[0029] Similarly, the mobile station UE#2 can transmit and receive the
data signal to and from the mobile station UE#1 through the radio base
station eNB (through the Uu interface), and transmit and receive the data
signal to and from the mobile station UE#1 without the radio base station
eNB (through the Ud interface).

[0030] At this point, security (concealment or falsification detection) is
applied to the data signal that is transmitted and received through the
Uu interface or the Ud interface. A common key is prepared between
transmission and reception entities in order to apply the security.

[0031] A key generating method in the LTE Uu interface is defined by 3GPP
TS33.401 and the like. The present invention relates to the key
generating method in the Ud interface.

[0032] As illustrated in FIG. 2, the mobile management node MME includes a
management unit 11, a generator 12, and a transmission unit 13.

[0033] The management unit 11 is configured to manage a key KASME
(Access Security Management Entity) for each mobile station UE. The key
KASME is defined by 3GPP TS33.401. For example, the management unit
11 is configured to manage a key KASME1 for the mobile station UE#1
and a key KASME2 for the mobile station UE#2.

[0034] The key KASME1 is not managed by the radio base station eNB or
the mobile station UE#2, but managed only by the mobile management node
MME and the mobile station UE#1. The key KASME2 is not managed by
the radio base station eNB or the mobile station UE#1, but managed only
by the mobile management node MME and the mobile station UE#2.

[0035] The generator 12 is configured to generate a key Kx using the
key KASME1 and the key KASME2. The key Kx is used to
transmit and receive the data signal between the mobile station UE#1 and
the mobile station UE#2 through the Ud interface.

[0036] For example, as illustrated in FIG. 3, the generator 12 may be
configured to generate the key Kx using an equation "Kx=KDF
(KASME1, KASME2)".

[0037] Using the key KASME1, the generator 12 may be configured to
generate a parameter NH1 (see 3GPP TS33.401) necessary to generate a key
KeNB1. The key KeNB1 is necessary to generate a key KRRC_INT1, a key
KRRC_ENC1, and a key KUP_ENC1, which are used to transmit and receive
the data signal between the mobile station UE#1 and the radio base
station eNB through the Uu interface.

[0038] Similarly, using the key KASME2, the generator 12 may be
configured to generate a parameter NH2 (see 3GPP TS33.401) necessary to
generate a key KeNB2. The key KeNB2 is necessary to generate a key
KRRC_INT2, a key KRRC_ENC2, and a key KUP_ENC2, which are used to
transmit and receive the data signal between the mobile station UE#2 and
the radio base station eNB through the Uu interface.

[0039] The generator 12 may be configured to generate the key KeNB1
using the key KASME1, and to generate the key KeNB2 using the
key KASME2.

[0040] The transmission unit 13 is configured to transmit the key Kx
to the mobile station UE#1 and the mobile station UE#2.

[0041] The transmission unit 13 may be configured to transmit the
parameters NH1 and NH2 to the radio base station eNB.

[0042] The transmission unit 13 may be configured to transmit a counter
NCC1 of the parameter NH1 to the radio base station eNB and the mobile
station UE#1, and to transmit a counter NCC2 of the parameter NH2 to the
radio base station eNB and the mobile station UE#2.

[0043] The transmission unit 13 may be configured to transmit the key
KeNB1 and the key KeNB2 to the radio base station eNB.

[0044] At this point, the mobile station UE#1 is configured to transmit
and receive the data signal to and from the mobile station UE#2 through
the Ud interface using the key Kx received from the mobile
management node MME.

[0045] Similarly, the mobile station UE#2 is configured to transmit and
receive the data signal to and from the mobile station UE#1 through the
Ud interface using the key Kx received from the mobile management
node MME.

[0046] The mobile station UE#1 is configured to generate the key
KRRC_INT1, the key KRRC_ENC1, and the key KUP_ENC1 using the parameter
NH1 received from the mobile management node MME and the key KeNB1
managed by the mobile station UE#1. The mobile station UE#1 is also
configured to transmit and receive the data signal to and from the radio
base station eNB through the Uu interface using the key KRRC_INT1, the
key KRRC_ENC1, and the key KUP_ENC1.

[0047] The mobile station UE#2 is configured to generate the key
KRRC_INT2, the key KRRC_ENC2, and the key KUP_ENC2 using the parameter
NH2 received from the mobile management node MME and the key KeNB2
managed by the mobile station UE#2. The mobile station UE#2 is also
configured to transmit and receive the data signal to and from the radio
base station eNB through the Uu interface using the key KRRC_INT2, the
key KRRC_ENC2, and the key KUP_ENC2.

[0048] In the mobile communication system according to the first
embodiment of the present invention, using the key KASME1 and the
key KASME2, which are used in the existing mobile communication
system, the mobile management node MME can generate the key Kx,
which is used to transmit and receive the data signal between the mobile
station UE#1 and the mobile station UE#2 through the Ud interface, and
the mobile management node MME can transmit the data signal to the mobile
station UE#1 and the mobile station UE#2.

[0049] (First Modification)

[0050] A first modification of the mobile communication system according
to the first embodiment of the present invention will be described below
by focusing on a point different from the mobile communication system of
the first embodiment.

[0051] In the mobile communication system of the first modification,
instead of the mobile management node MME, the radio base station eNB
generates the key Kx and transmits the key Kx to the mobile
station UE#1 and the mobile station UE#2.

[0052] Specifically, as illustrated in FIG. 2, instead of the mobile
management node MME, the radio base station eNB includes the management
unit 11, the generator 12, and the transmission unit 13.

[0053] The management unit 11 is configured to manage a key KeNB for
each mobile station UE. The key KeNB is defined by 3GPP TS33.401.
For example, the management unit 11 is configured to manage the key
KeNB1 for the mobile station UE#1 and the key KeNB2 for the
mobile station UE#2.

[0054] The key KeNB1 is not managed by the mobile management node MME
(except the first-time key KeNB1 generated by the MME during
establishment of the communication) or the mobile station UE#2, but
managed only by the radio base station eNB and the mobile station UE#1.
The key KeNB2 is not managed by the mobile management node MME
(except the first-time key KeNB2 generated by the MME during the
establishment of the communication) or the mobile station UE#1, but
managed only by the radio base station eNB and the mobile station UE#2.

[0055] The generator 12 is configured to generate the key Kx using
the key KeNB1 and the key KeNB2. The key Kx is used to
transmit and receive the data signal between the mobile station UE#1 and
the mobile station UE#2 through the Ud interface.

[0056] For example, as illustrated in FIG. 3, the generator 12 may be
configured to generate the key Kx using an equation
"Kx=KDF(KeNB1, KeNB2)".

[0057] Using the parameter NH1 received from the mobile management node
MME and the key KeNB1 managed by the generator 12, the generator 12
may be configured to generate the key KRRC_INT1, the key KRRC_ENC1, and
the key KUP_ENC1, which are used to transmit and receive the data signal
between the mobile station UE#1 and the radio base station eNB through
the Uu interface.

[0058] Similarly, using the parameter NH2 received from the mobile
management node MME and the key KeNB2 managed by the generator 12,
the generator 12 may be configured to generate the key KRRC_INT2, the
key KRRC_ENC2, and the key KUP_ENC2, which are used to transmit and
receive the data signal between the mobile station UE#2 and the radio
base station eNB through the Uu interface.

[0059] The transmission unit 13 is configured to transmit the key Kx
to the mobile station UE#1 and the mobile station UE#2.

[0060] In the mobile communication system according to the first
modification of the first embodiment of the present invention, using the
key KeNB1 and the key KeNB2, which are used in the existing
mobile communication system, the radio base station eNB can generate the
key Kx, which is used to transmit and receive the data signal
between the mobile station UE#1 and the mobile station UE#2 through the
Ud interface, and the radio base station eNB can transmit the data signal
to the mobile station UE#1 and the mobile station UE#2.

Second Embodiment of the Present Invention

[0061] A mobile communication system according to a second embodiment of
the present invention will be described with reference to FIGS. 4 and 5.
The mobile communication system according to the second embodiment of the
present invention will be described below by focusing on the point
different from the mobile communication system of the first embodiment.

[0062] The generator 12 of the mobile management node MME is configured to
generate a parameter Kx1 and a parameter Kx2 using the key
KASME1 and the key KASME2. The parameter Kx1 and the
parameter Kx2 are used to generate the Kx used to transmit and
receive the data signal between the mobile station UE#1 and the mobile
station UE#2 through the Ud interface.

[0063] For example, as illustrated in FIG. 4, the generator 12 of the
mobile management node MME may be configured to generate the parameter
Kx1 using an equation "Kx1=KDF (KASME1, KASME2,
KASME2)" (alternatively, an equation "Kx1=KDF (KASME2)"
may be used).

[0064] As illustrated in FIG. 4, the generator 12 of the mobile management
node MME may be configured to generate the parameter Kx2 using an
equation "Kx2=KDF (KASME1, KASME1, KASME2)"
(alternatively, an equation "Kx2=KDF (KASME1)" may be used).

[0065] The transmission unit 13 of the mobile management node MME is
configured to transmit the parameter Kx1 to the mobile station UE#1,
and to transmit the parameter Kx2 to the mobile station UE#2.

[0066] As illustrated in FIG. 5, each of the mobile station UE#1 and the
mobile station UE#2 includes a management unit 21, a reception unit 22, a
generator 23, and a communication unit 24.

[0067] The management unit 21 of the mobile station UE#1 is configured to
manage the key KASME1 and the key KeNB1. The management unit 21
of the mobile station UE#2 is configured to manage the key KASME2
and the key KeNB2.

[0068] The reception unit 22 of the mobile station UE#1 is configured to
receive the counter NCC1 of the parameter NH1 and the parameter Kx1
from the mobile management node MME. The reception unit 22 of the mobile
station UE#2 is configured to receive the counter NCC2 of the parameter
NH2 and the parameter Kx2 from the mobile management node MME.

[0069] The generator 23 of the mobile station UE#1 is configured to
generate the key Kx using the parameter Kx1 and the key
KASME1 managed by the mobile station UE#1. The key Kx is used
to transmit and receive the data signal to and from the mobile station
UE#2 through the Ud interface.

[0070] For example, as illustrated in FIG. 4, the generator 23 of the
mobile station UE#1 may be configured to generate the key Kx using
an equation "Kx=KDF(Kx1, KASME1)".

[0071] Similarly, the generator 23 of the mobile station UE#2 is configured
to generate the key Kx using the parameter Kx2 and the key
KASME2 managed by the mobile station UE#2. The key Kx is used
to transmit and receive the data signal to and from the mobile station
UE#1 through the Ud interface.

[0072] For example, as illustrated in FIG. 4, the generator 23 of the
mobile station UE#2 may be configured to generate the key Kx using
an equation "Kx=KDF(Kx2, KASME2)".

[0073] The generator 23 of the mobile station UE#1 is configured to
generate the key KRRC_INT1, the key KRRC_ENC1, and the key KUP_ENC1
using the parameter NH1 received from the mobile management node MME and
the key KeNB1 managed by the mobile station UE#1.

[0074] The mobile station UE#2 is configured to generate the key
KRRC_INT2, the key KRRC_ENC2, and the key KUP_ENC2 using the parameter
NH2 received from the mobile management node MME and the key KeNB2
managed by the mobile station UE#2.

[0075] The communication unit 24 of the mobile station UE#1 is configured
to transmit and receive the data signal to and from the mobile station
UE#2 through the Ud interface using the key Kx.

[0076] The communication unit 24 of the mobile station UE#2 is configured
to transmit and receive the data signal to and from the mobile station
UE#1 through the Ud interface using the key Kx.

[0077] In the mobile communication system according to the second
embodiment of the present invention, using the key KASME1 and the
key KASME2, which are used in the existing mobile communication
system, the mobile management node MME generates the parameter Kx1
and the parameter Kx2 and transmits the parameter Kx1 and the
parameter Kx2 to the mobile station UE#1 and the mobile station
UE#2, and the mobile station UE#1 and the mobile station UE#2 can
generate the key Kx, which is used to transmit and receive the data
signal between the mobile station UE#1 and the mobile station UE#2
through the Ud interface, using the parameter Kx1 and the parameter
Kx2.

[0078] (Second Modification)

[0079] A second modification of the mobile communication system according
to the second embodiment of the present invention will be described below
by focusing on the point different from the mobile communication system
of the second embodiment.

[0080] In the mobile communication system of the second modification,
instead of the mobile management node MME, the radio base station eNB
generates the parameter Kx1 and the parameter Kx2 and transmits
the parameter Kx1 and the parameter Kx2 to the mobile station
UE#1 and the mobile station UE#2.

[0081] The generator 12 of the radio base station eNB is configured to
generate the parameter Kx1 and the parameter Kx2 using the key
KeNB1 and the key KeNB2. The parameter Kx1 and the
parameter Kx2 are used to transmit and receive the data signal
between the mobile station UE#1 and the mobile station UE#2 through the
Ud interface.

[0082] For example, as illustrated in FIG. 4, the generator 12 of the
radio base station eNB may be configured to generate the parameter
Kx1 using an equation "Kx1=KDF (KeNB1, KeNB2,
KeNB2)" (alternatively, an equation "Kx1=KDF (KeNB2)" may
be used).

[0083] As illustrated in FIG. 4, the generator 12 of the radio base
station eNB may be configured to generate the parameter Kx2 using an
equation "Kx2=KDF(KeNB1, KeNB1, KeNB2)"
(alternatively, an equation "Kx2=KDF (KeNB1)" may be used).

[0084] The transmission unit 13 of the radio base station eNB is
configured to transmit the parameter Kx1 to the mobile station UE#1,
and to transmit the parameter Kx2 to the mobile station UE#2.

[0085] The reception unit 22 of the mobile station UE#1 is configured to
receive the parameter Kx1 from the radio base station eNB. The
reception unit 22 of the mobile station UE#2 is configured to receive the
parameter Kx2 from the radio base station eNB.

[0086] The generator 23 of the mobile station UE#1 is configured to
generate the key Kx using the parameter Kx1 and the key
KeNB1 managed by the mobile station UE#1. The key Kx is used to
transmit and receive the data signal to and from the mobile station UE#2
through the Ud interface.

[0087] For example, as illustrated in FIG. 4, the generator 23 of the
mobile station UE#1 may be configured to generate the key Kx using
an equation "Kx=KDF(Kx1, KeNB1)".

[0088] Similarly, the generator 23 of the mobile station UE#2 is configured
to generate the key Kx using the parameter Kx2 and the key
KeNB2 managed by the mobile station UE#2. The key Kx is used to
transmit and receive the data signal to and from the mobile station UE#1
through the Ud interface.

[0089] For example, as illustrated in FIG. 4, the generator 23 of the
mobile station UE#2 may be configured to generate the key Kx using
an equation "Kx=KDF(Kx2, KeNB2)".

[0090] In the mobile communication system according to the second
modification of the second embodiment, using the key KeNB1 and the
key KeNB2, which are used in the existing mobile communication
system, the radio base station eNB generates the parameter Kx1 and
the parameter Kx2 and transmits the parameter Kx1 and the
parameter Kx2 to the mobile station UE#1 and the mobile station
UE#2, and the mobile station UE#1 and the mobile station UE#2 can
generate the key Kx, which is used to transmit and receive the data
signal between the mobile station UE#1 and the mobile station UE#2
through the Ud interface, using the parameter Kx1 and the parameter
Kx2.

[0091] In all of the above embodiments, the key actually used to transmit
and receive the data through the Ud interface may be a key derived from
the key Kx.

[0092] For example, the key derived from the key Kx may be based on a
parameter such as a counter, a bearer ID, a bearer type, or a
transmission and reception direction.
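As an added illustration (not code from the patent), the sketch below follows the first embodiment's "Kx=KDF(KASME1, KASME2)" and the derived-key idea of paragraphs [0091] and [0092], then uses the derived key for falsification detection on the Ud interface. The patent does not define the KDF: HMAC-SHA-256 over a 3GPP TS 33.220-style input string, the FC values, the parameter encoding, the truncation, the HMAC tag and the sample keys are all assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Assumptions, not from the patent: KDF = HMAC-SHA-256 over the string
# S = FC || P0 || L0 || P1 || L1 ... (TS 33.220 style); FC values are hypothetical.
FC_UD_KX = 0xF0
FC_UD_TRAFFIC = 0xF1
DIR_UE1_TO_UE2 = 0
DIR_UE2_TO_UE1 = 1
TAG_LEN = 8

# Constructed sample keys standing in for KASME1 and KASME2 (256 bits each).
K_ASME1 = bytes(range(32))
K_ASME2 = bytes(range(32, 64))


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 keyed with `key` over FC and length-suffixed parameters."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()


def mme_generate_kx(k_asme1: bytes, k_asme2: bytes) -> bytes:
    """Generator 12 in the MME: Kx = KDF(KASME1, KASME2). Argument order matters."""
    return kdf(k_asme1, FC_UD_KX, k_asme2)


def ud_traffic_key(kx: bytes, counter: int, bearer_id: int,
                   bearer_type: int, direction: int) -> bytes:
    """Key derived from Kx using the parameters listed in [0092].

    Truncating to 128 bits is a choice made for this example.
    """
    out = kdf(kx, FC_UD_TRAFFIC, struct.pack(">I", counter),
              bytes([bearer_id]), bytes([bearer_type]), bytes([direction]))
    return out[-16:]


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    mac = hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: append a tag (stand-in for an integrity algorithm)."""
    return payload + _tag(key, seq, payload)


def verify(key: bytes, seq: int, frame: bytes):
    """Receiver side: return the payload, or None if the frame was altered."""
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if hmac.compare_digest(tag, _tag(key, seq, payload)):
        return payload
    return None


def demo():
    """MME provisions Kx to both UEs; UE#1 sends one frame to UE#2 over Ud."""
    kx = mme_generate_kx(K_ASME1, K_ASME2)   # sent to UE#1 and UE#2
    # Each UE derives the same per-bearer, per-direction key from Kx.
    key_at_ue1 = ud_traffic_key(kx, 0, 5, 1, DIR_UE1_TO_UE2)
    key_at_ue2 = ud_traffic_key(kx, 0, 5, 1, DIR_UE1_TO_UE2)
    frame = protect(key_at_ue1, 0, b"data over Ud")
    tampered = bytes([frame[0] ^ 0x01]) + frame[1:]
    return verify(key_at_ue2, 0, frame), verify(key_at_ue2, 0, tampered)


if __name__ == "__main__":
    received, rejected = demo()
    print("accepted payload:", received)
    print("tampered frame result:", rejected)
```

Binding the direction and bearer into the derivation means a frame captured in one direction does not verify when replayed in the other, since the two directions use different keys.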

[0093] The above features of the embodiments may be expressed as follows.

[0094] In the first feature of the embodiments, the mobile communication
method in which the mobile station UE#1 (the first mobile station) and
the mobile station UE#2 (the second mobile station) transmit and receive
the data signal through the Ud interface (the inter-mobile station
interface) without the Uu interface (the radio base station interface),
the Ud interface being set between the mobile station UE#1 and the mobile
station UE#2, the Uu interface being set between the radio base station
eNB and the mobile station UE#1 and the mobile station UE#2, includes:
the step in which the mobile management node MME generates the key
Kx (the inter-mobile station communication key) using the key
KASME1 (the first access security management key) and the key
KASME2 (the second access security management key), the key Kx
being used in security of the data signal transmitted and received
through the Ud interface, the key KASME1 being managed only by the
mobile management node MME and the mobile station UE#1, the key
KASME2 being managed only by the mobile management node MME and the
mobile station UE#2; the step in which the mobile management node MME
transmits the key Kx to the mobile station UE#1 and the mobile
station UE#2; and the step in which the mobile station UE#1 and the
mobile station UE#2 transmit and receive the data signal through the Ud
interface using the key Kx.

[0095] In the second feature of the embodiments, the mobile management
node MME used in the mobile communication system, the mobile
communication system being configured such that the mobile station UE#1
and the mobile station UE#2 can transmit and receive the data signal
through the Ud interface without the Uu interface, includes: the
generator 12 that is configured to generate the key Kx using the key
KASME1 and the key KASME2, the key Kx being used in the
security of the data signal transmitted and received through the Ud
interface; and the transmission unit 13 that is configured to transmit
the key Kx to the mobile station UE#1 and the mobile station UE#2.

[0096] In the third feature of the embodiments, the mobile communication
method in which the mobile station UE#1 and the mobile station UE#2
transmit and receive the data signal through the Ud interface without the
Uu interface, includes: the step in which the radio base station eNB
generates the key Kx using the key KeNB1 (the first radio base
station key) and the key KeNB2 (the second radio base station key),
the key Kx being used in the security of the data signal transmitted
and received through the Ud interface, the key KeNB1 being managed
only by the radio base station eNB and the mobile station UE#1, the key
KeNB2 being managed only by the radio base station eNB and the
mobile station UE#2; the step in which the radio base station eNB
transmits the key Kx to the mobile station UE#1 and the mobile
station UE#2; and the step in which the mobile station UE#1 and the
mobile station UE#2 transmit and receive the data signal through the Ud
interface using the key Kx.

[0097] In the fourth feature of the embodiments, the radio base station
eNB used in the mobile communication system, the mobile communication
system being configured such that the mobile station UE#1 and the mobile
station UE#2 can transmit and receive the data signal through the Ud
interface without the Uu interface, includes: the generator 12 that is
configured to generate the key Kx using the key KeNB1 and the
key KeNB2, the key Kx being used in security of the data signal
transmitted and received through the Ud interface; and the transmission
unit 13 that is configured to transmit the key Kx to the mobile
station UE#1 and the mobile station UE#2.

[0098] In the fifth feature of the embodiments, the mobile communication
method in which the mobile station UE#1 and the mobile station UE#2
transmit and receive the data signal through the Ud interface without the
Uu interface, includes: the step in which the mobile management node MME
generates the parameter Kx1 (the first parameter) and the parameter
Kx2 (the second parameter) to generate the key Kx using the key
KASME1 and the key KASME2, the key Kx being used in the
security of the data signal transmitted and received through the Ud
interface; the step in which the mobile management node MME transmits the
parameter Kx1 to the mobile station UE#1 and transmits the parameter
Kx2 to the mobile station UE#2; the step in which the mobile station
UE#1 generates the key Kx using the parameter Kx1; the step in
which the mobile station UE#2 generates the key Kx using the
parameter Kx2; and the step in which the mobile station UE#1 and the
mobile station UE#2 transmit and receive the data signal through the Ud
interface using the key Kx.

[0099] In the sixth feature of the embodiments, the mobile management node
MME used in the mobile communication system, the mobile communication
system being configured such that the mobile station UE#1 and the mobile
station UE#2 can transmit and receive the data signal through the Ud
interface without the Uu interface, includes: the generator 12 that is
configured to generate the parameter Kx1 and the parameter Kx2
to generate the key Kx using the key KASME1 and the key
KASME2, the key Kx being used in the security of the data
signal transmitted and received through the Ud interface; and the
transmission unit 13 that is configured to transmit the parameter
Kx1 to the mobile station UE#1 and to transmit the parameter
Kx2 to the mobile station UE#2.

[0100] In the seventh feature of the embodiments, the mobile communication
method in which the mobile station UE#1 and the mobile station UE#2
transmit and receive the data signal through the Ud interface without the
Uu interface, includes: the step in which the radio base station eNB
generates the parameter Kx1 and the parameter Kx2 to generate
the key Kx using the key KeNB1 and the key KeNB2, the key
Kx being used in the security of the data signal transmitted and
received through the Ud interface; the step in which the radio base
station eNB transmits the parameter Kx1 to the mobile station UE#1
and transmits the parameter Kx2 to the mobile station UE#2; the step
in which the mobile station UE#1 generates the key Kx using the
parameter Kx1; the step in which the mobile station UE#2 generates
the key Kx using the parameter Kx2; and the step in which the
mobile station UE#1 and the mobile station UE#2 transmit and receive the
data signal through the Ud interface using the key Kx.

[0101] In the eighth feature of the embodiments, the radio base station
eNB used in the mobile communication system, the mobile communication
system being configured such that the mobile station UE#1 and the mobile
station UE#2 can transmit and receive the data signal through the Ud
interface without the Uu interface, includes: the generator 12 that is
configured to generate the parameter Kx1 and the parameter Kx2
to generate the key Kx using the key KeNB1 and the key
KeNB2, the key Kx being used in the security of the data signal
transmitted and received through the Ud interface; and the transmission
unit 13 that is configured to transmit the parameter Kx1 to the
mobile station UE#1 and to transmit the parameter Kx2 to the mobile
station UE#2.

[0102] In the ninth feature of the embodiments, the mobile station UE that
acts as the mobile station UE#1 in the mobile communication system, the
mobile communication system being configured such that the mobile station
UE#1 and the mobile station UE#2 can transmit and receive the data signal
through the Ud interface without the Uu interface, includes: the
reception unit 22 that is configured to acquire the key Kx from the
radio base station eNB or the mobile management node MME; and the
communication unit 24 that is configured to transmit and receive the data
signal to and from the mobile station UE#2 through the Ud interface using
the key Kx.

[0103] In the tenth feature of the embodiments, the mobile station UE that
acts as the mobile station UE#1 in the mobile communication system, the
mobile communication system being configured such that the mobile station
UE#1 and the mobile station UE#2 can transmit and receive the data signal
through the Ud interface without the Uu interface, includes: the
reception unit 22 that is configured to acquire the parameter Kx1
from the radio base station eNB or the mobile management node MME; the
generator 23 that is configured to generate the key Kx using the
parameter Kx1; and the communication unit 24 that is configured to
transmit and receive the data signal to and from the mobile station UE#2
through the Ud interface using the key Kx.

[0104] The operation of the mobile management node MME, the radio base
station eNB, the mobile station UE, or the like may be performed by
hardware, a software module executed by a processor, or a combination
thereof.

[0105] The software module may be provided in any storage medium such as a
RAM (Random Access Memory), a flash memory, a ROM (Read Only Memory), an
EPROM (Erasable Programmable ROM), an EEPROM (Electronically Erasable and
Programmable ROM), a register, a hard disk, a removable disk, and a
CD-ROM.

[0106] The storage medium is connected to the processor such that the
processor can write and read information in and from the storage medium.
The storage medium may be integrated in the processor. The storage medium
and the processor may be provided in an ASIC. The ASIC may be provided in
the mobile management node MME, the radio base station eNB, the mobile
station UE, or the like. The storage medium and the processor may be
provided as a discrete component in the mobile management node MME, the
radio base station eNB, the mobile station UE, or the like.

[0107] Although the present invention is described in detail using the
embodiment, it is clear to those skilled in the art that the present
invention is not limited to the embodiment. Various corrections and
changes can be made without departing from the scope of the present
invention. Accordingly, the description is intended only as an
illustration, and the description has no restrictive meaning to the
present invention.

REFERENCE SIGNS LIST

[0108] MME mobile management node

[0109] eNB radio base station

[0110] UE mobile station

[0111] 11, 21 management unit

[0112] 12, 23 generator

[0113] 13 transmission unit

[0114] 22 reception unit

[0115] 24 communication unit

Patent applications by Mikio Iwamura, Chiyoda-Ku JP

Patent applications by Wuri Andarmawanti Hapsari, Chiyoda-Ku JP

Patent applications by NTT DOCOMO, INC.